Tuesday, April 29, 2025

Wordpress

WordPress Ad-Fraud Plugins Trigger Massive 1.4 Billion Daily Ad Requests

Cybersecurity researchers have uncovered a sprawling ad-fraud operation exploiting WordPress plugins to trigger over 1.4 billion fraudulent ad requests every day. Dubbed “Scallywag,” this scheme leverages customizable extensions to monetize...

Over 100,000 WordPress Plugin Vulnerability Exploited Just 4 Hours After Disclosure

Over 100,000 WordPress websites have been exposed to a critical security vulnerability, following the public disclosure of a flaw in the popular SureTriggers plugin...

Rogue Account‑Creation Flaw Leaves 100 K WordPress Sites Exposed

A severe vulnerability has been uncovered in the SureTriggers WordPress plugin, which could leave over 100,000 websites at risk. The issue, discovered by security researcher...

50,000+ WordPress Sites Vulnerable to Privilege Escalation Attacks

In a recent cybersecurity development, over 50,000 WordPress websites using the Uncanny Automator plugin have been identified as vulnerable to a critical privilege escalation...

20,000 WordPress Sites at Risk of File Upload & Deletion Exploits

A critical security alert has been issued to WordPress site administrators following the discovery of two high-severity vulnerabilities in the "WP Ultimate CSV Importer"...

Threat Actors Embed Malware in WordPress Sites to Enable Remote Code Execution

Security researchers have uncovered a new wave of cyberattacks targeting WordPress websites through the exploitation of the "mu-plugins" (Must-Use plugins) directory. This directory, designed...

Massive “DollyWay” Malware Attack Compromises 20,000+ WordPress Sites Worldwide

A significant malware operation, dubbed "DollyWay," has been uncovered by GoDaddy Security researchers, revealing a sophisticated campaign that has compromised over 20,000 WordPress sites...

Over 10,000 WordPress Sites Exposed by Donation Plugin Code Execution Vulnerability

A critical security flaw in the widely used GiveWP – Donation Plugin and Fundraising Platform has left over 10,000 WordPress websites vulnerable to remote code execution...

WordPress Admins Warned of Fake Plugins Injecting Malicious Links into Websites

A new wave of cyberattacks targeting WordPress websites has been uncovered, with attackers leveraging fake plugins to inject malicious links into site footers. These...

Millions of WordPress Websites Vulnerable to Script Injection Due to Plugin Flaw

A critical security vulnerability in the Essential Addons for Elementor plugin, installed on over 2 million WordPress websites, has exposed sites to script injection attacks via...

90,000 WordPress Sites Exposed to Local File Inclusion Attacks

A critical vulnerability (CVE-2025-0366) in the Jupiter X Core WordPress plugin, actively installed on over 90,000 websites, was disclosed on January 6, 2025. The flaw...